The policy manager is an interface in the PingAccess administrative console where you can create rules, rule sets, and rule set groups, and apply them to applications and application resources. Policies are the rules, rule sets, or groups of rule sets applied to a specific application and its resources. Policies define how and when a client can access target sites.

When a client attempts to access an application resource identified in one of the policy's rules, rule sets, or rule set groups, PingAccess uses the information within the policy to decide whether the client can access the application resource and whether any additional actions need to occur before granting that access.

For information on how to assign rules, rule sets, and rule set groups, see "Applying rules to applications and resources".

Rule types

Access control rules
Access control rules can restrict access in a number of ways. For example, an access control rule might:
Tip:

Ensure that any headers used in access control rules, such as the X-Forwarded-For header that network range rules use, are sanitized and managed exclusively by inline infrastructure that users must be routed through before reaching PingAccess and the protected applications.
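
The following added example (not part of the PingAccess documentation or product code) models why this tip matters: a range check that reads X-Forwarded-For is only as trustworthy as the inline proxy that sets it. The function names, the allowed range, and the addresses are constructed assumptions, and the range check is a simplified stand-in rather than PingAccess's implementation.

```python
import ipaddress

# Constructed sample value: the range a network range rule would allow.
ALLOWED_RANGE = ipaddress.ip_network("192.168.10.0/24")
XFF = "x-forwarded-for"


def _without_xff(headers):
    """Copy of the headers with every X-Forwarded-For variant removed."""
    return {k: v for k, v in headers.items() if k.lower() != XFF}


def appending_proxy(headers, peer_ip):
    """Weak edge behaviour: keep the client's value and append the peer address."""
    supplied = [v for k, v in headers.items() if k.lower() == XFF]
    out = _without_xff(headers)
    out["X-Forwarded-For"] = ", ".join(supplied + [peer_ip])
    return out


def sanitizing_proxy(headers, peer_ip):
    """Hardened edge behaviour: drop whatever the client sent and write only
    the address observed on the TCP connection."""
    out = _without_xff(headers)
    out["X-Forwarded-For"] = peer_ip
    return out


def range_rule_allows(headers):
    """Hypothetical range check that evaluates the first X-Forwarded-For entry.
    Missing, duplicated, or unparsable values are denied."""
    values = [v for k, v in headers.items() if k.lower() == XFF]
    if len(values) != 1:
        return False
    first = values[0].split(",")[0].strip()
    try:
        return ipaddress.ip_address(first) in ALLOWED_RANGE
    except ValueError:
        return False


def evaluate(edge, headers, peer_ip):
    """Run a request through an edge proxy model, then the range check."""
    return range_rule_allows(edge(headers, peer_ip))


if __name__ == "__main__":
    # Constructed request: external peer claiming an internal address.
    forged = {"Host": "app.example.com", "X-Forwarded-For": "192.168.10.7"}
    print("appending edge :", evaluate(appending_proxy, forged, "203.0.113.50"))
    print("sanitizing edge:", evaluate(sanitizing_proxy, forged, "203.0.113.50"))
```

With the appending edge, the client-supplied value reaches the rule and the external peer is treated as internal; with the sanitizing edge, the rule sees only the address the proxy observed.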

Processing rules
Processing rules can perform request processing. For example, a processing rule might:

Processing order

Access control rules are applied before processing rules. For each type of rule, the rules are applied in the order configured in the policy manager. All rules are evaluated after identity mappings, so that the rules have access to the request header field set by the identity mapping.

If rules for an application and rules for a resource both apply to a request, PingAccess applies the rules in the following order:

  1. Application access control rules
  2. Resource access control rules
  3. Resource processing rules
  4. Application processing rules

Agent deployments

The following rules aren't available for agent deployments: